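# Password strength: force the pam_pwquality line to minlen=8 with at least one
# lowercase, uppercase, digit and other character (the four *credit=-1
# settings), applied to root as well (enforce_for_root).
# The first backup is kept: a re-run must not replace the pristine copy with an
# already-edited file. The PAM stack is edited only when a backup exists, so a
# bad line can always be rolled back.
# NOTE(review): on hosts where system-auth is generated by a tool such as
# authselect, a direct edit may be overwritten later - confirm for this fleet.
# NOTE(review): if no line mentions pam_pwquality.so, sed changes nothing and
# reports no error; verify the resulting file after the run.
if [ -e /etc/pam.d/system-auth.bak ] || cp -p /etc/pam.d/system-auth /etc/pam.d/system-auth.bak; then
  sed -i '/pam_pwquality\.so/s/.*/password    requisite    pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type= minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 enforce_for_root/' /etc/pam.d/system-auth
else
  echo "backup of /etc/pam.d/system-auth failed; file left unchanged" >&2
fi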

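# Password aging policy: maximum age 180 days, minimum age 1 day, minimum
# length 8, warning 28 days before expiry.
# The first backup is kept across re-runs, and login.defs is edited only when a
# backup exists.
# Only lines that already start with the keyword are rewritten; a commented-out
# or missing setting is left as it is.
# NOTE(review): login.defs aging values are applied when an account is created;
# existing accounts keep their current aging values until changed per user
# (for example with chage) - confirm whether that is needed here.
if [ -e /etc/login.defs.bak ] || cp -p /etc/login.defs /etc/login.defs.bak; then
  sed -i \
    -e 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 180/' \
    -e 's/^PASS_MIN_DAYS.*/PASS_MIN_DAYS 1/' \
    -e 's/^PASS_MIN_LEN.*/PASS_MIN_LEN 8/' \
    -e 's/^PASS_WARN_AGE.*/PASS_WARN_AGE 28/' \
    /etc/login.defs
else
  echo "backup of /etc/login.defs failed; file left unchanged" >&2
fi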

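# Log retention period.
# The previous command replaced the "weekly" directive with the bare text "24",
# which is not a logrotate directive and leaves the retention count untouched.
# Presumably the goal is to keep 24 weekly rotations (about six months), so the
# top-level "rotate" count is set instead and "weekly" stays in place.
# NOTE(review): confirm 24 matches the retention requirement, and check that
# files under /etc/logrotate.d do not override it with their own "rotate".
# Indented "rotate" lines inside per-file blocks are not matched by this edit.
if [ -e /etc/logrotate.conf.bak ] || cp -p /etc/logrotate.conf /etc/logrotate.conf.bak; then
  sed -i 's/^rotate[[:space:]].*/rotate 24/' /etc/logrotate.conf
else
  echo "backup of /etc/logrotate.conf failed; file left unchanged" >&2
fi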

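# Idle shell timeout: shells that read /etc/profile get TMOUT=300 (seconds).
# The line is appended only when it is not already present, so re-running the
# script does not stack duplicate entries in /etc/profile.
# NOTE(review): TMOUT is exported but not read-only, so a user can unset or
# change it in their own session; decide whether it should be made readonly.
grep -qxF 'export TMOUT=300' /etc/profile || echo 'export TMOUT=300' >> /etc/profile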

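# SSH compliance: client-alive timeout policy.
# ClientAliveInterval is set to 60 whether the existing line is commented out
# or already active with another value (the earlier pattern only matched the
# commented form). A literal "ClientAliveCountMax 0" is raised to 3.
# With these values sshd drops a client that stops answering keepalive probes;
# this detects dead connections and is not an idle-session timeout.
# The first backup is kept across re-runs, and the file is edited only when a
# backup exists. The change takes effect after sshd reloads its configuration.
if [ -e /etc/ssh/sshd_config.bak ] || cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak; then
  sed -i \
    -e 's/^#\{0,1\}ClientAliveInterval.*/ClientAliveInterval 60/' \
    -e 's/^ClientAliveCountMax 0/ClientAliveCountMax 3/' \
    /etc/ssh/sshd_config
  # Syntax-check the result so a broken file is noticed before sshd is reloaded
  # and remote access is lost.
  if command -v sshd >/dev/null 2>&1 && ! sshd -t; then
    echo "sshd_config failed validation; restore /etc/ssh/sshd_config.bak before reloading sshd" >&2
  fi
else
  echo "backup of /etc/ssh/sshd_config failed; file left unchanged" >&2
fi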


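# Recommended: set the "HISTFILESIZE" and "HISTSIZE" values in /etc/profile to 0.
# The HISTFILESIZE line is appended only when it is not already present, so a
# re-run does not add duplicates; an existing line starting with HISTSIZE is
# rewritten in place.
# NOTE(review): with history disabled the shell keeps no record of commands,
# so command accountability has to come from another source (for example an
# audit subsystem) - confirm one is in place before rolling this out.
grep -qxF 'export HISTFILESIZE=0' /etc/profile || echo 'export HISTFILESIZE=0' >> /etc/profile
sed -i 's/^HISTSIZE.*/HISTSIZE=0/' /etc/profile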
